oreilly.comSafari Books Online.Conferences.


Using the Root Account on Debian
Pages: 1, 2

Configuring sudo

The visudo calls your preferred text editor, rather than only vi! On a new system, this is the easy-to-use nano, so don't worry if you're not a vi expert.

The /etc/sudoers configuration file controls the use of sudo. You should never edit the file directly, but only through the use of the visudo command. The expression of permissions in sudoers is very flexible, allowing a tight degree of control over what others can run.

For example, to give the user fred the ability to run the kill program as root, add the following line to sudoers.

fred      ALL = /usr/bin/kill

The ALL means that the command can be run on any machine, which is useful if you are sharing the sudoers configuration over multiple machines on a network. The manual page describes the sudoers file format in detail; read it with man sudoers. Its very powerful flexibility allows fine-grained control over the allocation of privileges to users.

If you are happy with sudo, you may wish to disable root's password completely, meaning that everybody must use sudo to execute privileged commands. Do this with sudo passwd -l root. To reverse the process, run sudo passwd -u root.

Should I Really Always Use sudo?

One or two problems that arise from relying on sudo exclusively can mean you need to be careful. These coincide with the use of systems such as NIS or LDAP to control user accounts--these systems use (possibly remote) databases to provider user information. If an operation you run under sudo causes these services to fail, you will not be able to run sudo again to get out of the mess, due to the system's not being able to find information on your user account.

The answer to this is either to not disable the root login, to perform such dangerous operations in a root shell, or to use sudo -s to start a root shell session. Although such situations are rare, you should be aware of this risk, especially when running a development version of Debian, where failure during software upgrade is a possibility. Also, you can configure NIS or LDAP to fall back to a local user database, in which you can create yourself a backup account.

Finding Out More

The best way to learn about root privileges on your Debian system is to read the manual pages for su and sudo. Do this with the man command.

Edd Dumbill is co-chair of the O'Reilly Open Source Convention. He is also chair of the XTech web technology conference. Edd conceived and developed Expectnation, a hosted service for organizing and producing conferences. Edd has also been Managing Editor for, a Debian developer, and GNOME contributor. He writes a blog called Behind the Times.

Return to the Linux DevCenter.

Linux Online Certification

Linux/Unix System Administration Certificate Series
Linux/Unix System Administration Certificate Series — This course series targets both beginning and intermediate Linux/Unix users who want to acquire advanced system administration skills, and to back those skills up with a Certificate from the University of Illinois Office of Continuing Education.

Enroll today!

Linux Resources
  • Linux Online
  • The Linux FAQ
  • Linux Kernel Archives
  • Kernel Traffic

  • Sponsored by: